@MeirP-3
Created October 12, 2020 11:32
/etc/kubernetes/manifests/kube-apiserver.manifest
$ cat /etc/kubernetes/manifests/kube-apiserver.manifest
apiVersion: v1
kind: Pod
metadata:
  annotations:
    dns.alpha.kubernetes.io/internal: api.internal.dev.nvsrc.com
    scheduler.alpha.kubernetes.io/critical-pod: ""
  creationTimestamp: null
  labels:
    k8s-app: kube-apiserver
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - /bin/sh
    - -c
    - mkfifo /tmp/pipe; (tee -a /var/log/kube-apiserver.log < /tmp/pipe & ) ; exec
      /usr/local/bin/kube-apiserver --allow-privileged=true --anonymous-auth=false
      --apiserver-count=3 --audit-log-maxage=10 --audit-log-maxbackup=1 --audit-log-maxsize=100
      --audit-log-path=/var/log/kube-apiserver-audit.log --audit-policy-file=/srv/kubernetes/assets/audit-policy
      --authentication-token-webhook-config-file=/etc/kubernetes/authn.config --authorization-mode=RBAC
      --basic-auth-file=/srv/kubernetes/basic_auth.csv --bind-address=0.0.0.0 --client-ca-file=/srv/kubernetes/ca.crt
      --cloud-provider=aws --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,NodeRestriction,ResourceQuota
      --etcd-cafile=/etc/kubernetes/pki/kube-apiserver/etcd-ca.crt --etcd-certfile=/etc/kubernetes/pki/kube-apiserver/etcd-client.crt
      --etcd-keyfile=/etc/kubernetes/pki/kube-apiserver/etcd-client.key --etcd-servers-overrides=/events#https://127.0.0.1:4002
      --etcd-servers=https://127.0.0.1:4001 --insecure-bind-address=127.0.0.1 --insecure-port=8080
      --kubelet-client-certificate=/srv/kubernetes/kubelet-api.pem --kubelet-client-key=/srv/kubernetes/kubelet-api-key.pem
      --kubelet-preferred-address-types=InternalIP,Hostname,ExternalIP --proxy-client-cert-file=/srv/kubernetes/apiserver-aggregator.cert
      --proxy-client-key-file=/srv/kubernetes/apiserver-aggregator.key --requestheader-allowed-names=aggregator
      --requestheader-client-ca-file=/srv/kubernetes/apiserver-aggregator-ca.cert
      --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group
      --requestheader-username-headers=X-Remote-User --secure-port=443 --service-cluster-ip-range=100.64.0.0/13
      --storage-backend=etcd3 --tls-cert-file=/srv/kubernetes/server.cert --tls-private-key-file=/srv/kubernetes/server.key
      --token-auth-file=/srv/kubernetes/known_tokens.csv --v=2 > /tmp/pipe 2>&1
    image: k8s.gcr.io/kube-apiserver:v1.14.2
    livenessProbe:
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 8080
      initialDelaySeconds: 45
      timeoutSeconds: 15
    name: kube-apiserver
    ports:
    - containerPort: 443
      hostPort: 443
      name: https
    - containerPort: 8080
      hostPort: 8080
      name: local
    resources:
      requests:
        cpu: 150m
    volumeMounts:
    - mountPath: /etc/ssl
      name: etcssl
      readOnly: true
    - mountPath: /etc/pki/tls
      name: etcpkitls
      readOnly: true
    - mountPath: /etc/pki/ca-trust
      name: etcpkica-trust
      readOnly: true
    - mountPath: /usr/share/ssl
      name: usrsharessl
      readOnly: true
    - mountPath: /usr/ssl
      name: usrssl
      readOnly: true
    - mountPath: /usr/lib/ssl
      name: usrlibssl
      readOnly: true
    - mountPath: /usr/local/openssl
      name: usrlocalopenssl
      readOnly: true
    - mountPath: /var/ssl
      name: varssl
      readOnly: true
    - mountPath: /etc/openssl
      name: etcopenssl
      readOnly: true
    - mountPath: /var/log/kube-apiserver.log
      name: logfile
    - mountPath: /etc/kubernetes/pki/kube-apiserver
      name: pki
    - mountPath: /srv/kubernetes
      name: srvkube
      readOnly: true
    - mountPath: /srv/sshproxy
      name: srvsshproxy
      readOnly: true
    - mountPath: /var/log
      name: auditlogpathdir
    - mountPath: /etc/kubernetes/authn.config
      name: authn-config
      readOnly: true
  hostNetwork: true
  tolerations:
  - key: CriticalAddonsOnly
    operator: Exists
  volumes:
  - hostPath:
      path: /etc/ssl
    name: etcssl
  - hostPath:
      path: /etc/pki/tls
    name: etcpkitls
  - hostPath:
      path: /etc/pki/ca-trust
    name: etcpkica-trust
  - hostPath:
      path: /usr/share/ssl
    name: usrsharessl
  - hostPath:
      path: /usr/ssl
    name: usrssl
  - hostPath:
      path: /usr/lib/ssl
    name: usrlibssl
  - hostPath:
      path: /usr/local/openssl
    name: usrlocalopenssl
  - hostPath:
      path: /var/ssl
    name: varssl
  - hostPath:
      path: /etc/openssl
    name: etcopenssl
  - hostPath:
      path: /var/log/kube-apiserver.log
    name: logfile
  - hostPath:
      path: /etc/kubernetes/pki/kube-apiserver
      type: DirectoryOrCreate
    name: pki
  - hostPath:
      path: /srv/kubernetes
    name: srvkube
  - hostPath:
      path: /srv/sshproxy
    name: srvsshproxy
  - hostPath:
      path: /var/log
    name: auditlogpathdir
  - hostPath:
      path: /etc/kubernetes/authn.config
    name: authn-config
status: {}